Creating Kerberos users

You can use password authentication or the cassandra@REALM Kerberos principal to create Kerberos users.

DataStax Enterprise automatically creates a cassandra superuser, which you can authenticate as and use cqlsh to create other users. Two methods are available:

Use password authentication:
1. In the cassandra.yaml file, set the authenticator to org.apache.cassandra.auth.PasswordAuthenticator.
2. Start cqlsh and login using the superuser name and password:
```
$ ./cqlsh -u cassandra -p cassandra
```
3. Create the other Kerberos users, such as user@REALM. Be sure to create at least one with superuser privileges.
4. Remove the cassandra user. See DROP USER. This step is optional but highly recommended.
5. Re-enable Kerberos authorization in the cassandra.yaml file:
```
authenticator: com.datastax.bdp.cassandra.auth.KerberosAuthenticator
```
Use the cassandra@REALM Kerberos principal:
1. As shown in step 6 in Authenticating a DataStax Enterprise cluster with Kerberos, create a cassandra@REALM Kerberos principal and turn on Kerberos authorization.
2. Log in and create the other Kerberos users. Be sure to create at least one with superuser privileges.
3. Remove the cassandra user. See DROP USER. This step is optional but highly recommended.